Description: A vulnerability has been reported in Microsoft Windows, which can be exploited by malicious people to compromise a vulnerable system.
The vulnerability is caused due to a boundary error in the "CanonicalizePathName()" function in netapi32.dll and can be exploited to cause a stack-based buffer overflow via e.g. a malicious NetrpPathCanonicalize RPC request with an overly long path name to the Server Service (port 139/TCP or 445/TCP).
Successful exploitation allows execution of arbitrary code.
NOTE: According to Microsoft, the vulnerability is already being actively exploited.
Another unspecified issue discovered by Microsoft has also been reported.
Do you have this product installed on your home computer? Scan using the free Personal Software Inspector. Check if a vulnerable version is installed on computers in your corporate network, using the Network Software Inspector.
Solution: Apply patches.
Windows NT 4.0:
This version of Windows is no longer supported by Microsoft. Customers are encouraged to upgrade to a supported version.
Provided and/or discovered by: The vendor credits US-CERT and SANS.
Changelog: 2006-08-09: Added link to US-CERT.
2006-08-14: Added details and link to Microsoft Security Advisory.
2006-09-01: Added Windows NT4.0 as vulnerable.
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com.
Ideas, suggestions, and other feedback are most welcome.
